Setup
Browser Isolation is enabled through Secure Web Gateway HTTP policies. By default, no traffic is isolated until an Isolation policy has been added within HTTP policies. To start isolating your traffic, you need to:
-
Create a Cloudflare Zero Trust account and select Browser Isolation as an add-on to either your Zero Trust Standard or your Zero Trust Enterprise plan.
-
Download the latest version of the WARP client .
-
Create a Device enrollment rule .
-
Set up an Isolation policy .
Cloudflare Browser Isolation integrates with your existing web browser. Once connected to Cloudflare WARP, open your browser and navigate to any websites you normally use.
Every tab is automatically connected to an isolated browser running on Cloudflare’s edge.
How to check if a webpage is isolated
The easiest way to check if a webpage is proxied through Cloudflare is by checking for the presence of a Cloudflare Root CA.
In Chrome, click the padlock to the left of your address bar and select Certificate.
Normal Browsing
Non-Cloudflare Root CA. Non-Cloudflare for Teams root certificate indicates that Cloudflare did not proxy this webpage.
Normal context menu. Right-click context menu will have all normal options.
Isolated Browsing
Cloudflare Root CA. Cloudflare for Teams + Gateway Intermediate indicates traffic was proxied through Cloudflare Gateway.
Simplified context menu. Right-click context menu be simplified.
Disconnecting Browser Isolation
If you would like to temporarily disconnect Browser Isolation, you can do this by simply selecting the WARP agent and disconnecting the client.
macOS
- Click on the Cloudflare Logo in the Menu Bar.
- Toggle the blue Connected switch into the Disconnected state.
- Refresh your webpage to return to the non-isolated page.
Windows
- Click on the Cloudflare Logo in the System Tray.
- Toggle the blue Connected switch into the Disconnected state.
- Refresh your webpage to return to the non-isolated page.